CVE-2020-26088

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.

References

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2

https://github.com/torvalds/linux/commit/26896f01467a28651f7a536143fe5ac8449d4041

https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

https://usn.ubuntu.com/4578-1/

Details

Source: MITRE

Published: 2020-09-24

Updated: 2020-11-02

Type: CWE-276

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
147690EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1642)NessusHuawei Local Security Checks
high
147512EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1604)NessusHuawei Local Security Checks
high
146282openSUSE Security Update : RT kernel (openSUSE-2021-242)NessusSuSE Local Security Checks
high
144731EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039)NessusHuawei Local Security Checks
high
143875SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3532-1)NessusSuSE Local Security Checks
high
143857SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3544-1)NessusSuSE Local Security Checks
high
143801SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2905-1)NessusSuSE Local Security Checks
high
143784SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3014-1)NessusSuSE Local Security Checks
high
143708SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2904-1)NessusSuSE Local Security Checks
high
143699SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2907-1)NessusSuSE Local Security Checks
high
143671SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2879-1)NessusSuSE Local Security Checks
medium
143654SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3501-1)NessusSuSE Local Security Checks
high
143639SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3503-1)NessusSuSE Local Security Checks
high
142331EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2411)NessusHuawei Local Security Checks
high
142260EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2429)NessusHuawei Local Security Checks
high
142176Debian DLA-2420-2 : linux regression updateNessusDebian Local Security Checks
high
142148EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2311)NessusHuawei Local Security Checks
high
141961Amazon Linux AMI : kernel (ALAS-2020-1437)NessusAmazon Linux Local Security Checks
high
141789Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-295-01)NessusSlackware Local Security Checks
high
141448Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4578-1)NessusUbuntu Local Security Checks
high
141388openSUSE Security Update : the Linux Kernel (openSUSE-2020-1655)NessusSuSE Local Security Checks
high
141161openSUSE Security Update : the Linux Kernel (openSUSE-2020-1586)NessusSuSE Local Security Checks
medium
140933Debian DLA-2385-1 : linux-4.19 security updateNessusDebian Local Security Checks
high